Bug 505338 - dbus is leaking open file descriptor in inotify_init
Summary: dbus is leaking open file descriptor in inotify_init
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: dbus
Version: rawhide
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: David Zeuthen
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 508499
TreeView+ depends on / blocked
 
Reported: 2009-06-11 14:47 UTC by Daniel Walsh
Modified: 2009-07-22 21:55 UTC (History)
5 users (show)

Fixed In Version: 1.2.12-2.fc11
Clone Of:
: 508499 (view as bug list)
Environment:
Last Closed: 2009-07-22 21:42:11 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
inotify patch to stop leak (541 bytes, text/plain)
2009-06-11 14:47 UTC, Daniel Walsh 		no flags Details
View All

Description Daniel Walsh 2009-06-11 14:47:46 UTC 
Created attachment 347420 [details]
inotify patch to stop leak

Description of problem:

Should be back ported to F11, F10, RHEL5 if possible.  Just causes lots of AVC's in domains that do not use inotify.
Comment 1 Eric Paris 2009-06-11 15:02:03 UTC 
I wouldn't really suggest that particular patch....

but it's close.  you can make it inotify_init1() which takes flags like IN_CLOEXEC, but inotify_init() takes a void.  inotify_init1 requires a newer kernel.  the safest most backwards compatible way would be to add

int flags;
flags = fcntl(inotify_fd, F_GETFD);
if (flags == -1)
    /* Handle error */;
flags |= FD_CLOEXEC;
fcntl(inotify_fd, F_SETFD, flags);
Comment 2 Matthias Clasen 2009-06-11 19:21:03 UTC 
Hmm, I guess other inotify using code should get the same fix ? Such as the file monitoring code in gio...
Comment 3 Daniel Walsh 2009-06-11 21:47:58 UTC 
If they are going to execute a confined domain, then they need to make sure all file descriptors are locked before exec.  Otherwise the confined apps end up with avc's suggesting they need inotify.  So far we have found cron and dbus with this problem.
Comment 4 Matthias Clasen 2009-06-27 22:54:51 UTC 
Filed upstream: https://bugs.freedesktop.org/show_bug.cgi?id=22516
Comment 5 Fedora Update System 2009-06-27 23:19:26 UTC 
dbus-1.2.12-2.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/dbus-1.2.12-2.fc11
Comment 6 Fedora Update System 2009-06-27 23:20:52 UTC 
dbus-1.2.4-4.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/dbus-1.2.4-4.fc10
Comment 7 Fedora Update System 2009-06-30 21:32:57 UTC 
dbus-1.2.4-4.fc10 has been pushed to the Fedora 10 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update dbus'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-7130
Comment 8 Fedora Update System 2009-06-30 21:35:03 UTC 
dbus-1.2.12-2.fc11 has been pushed to the Fedora 11 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update dbus'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2009-7136
Comment 9 Fedora Update System 2009-07-22 21:42:05 UTC 
dbus-1.2.4-4.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 10 Fedora Update System 2009-07-22 21:55:15 UTC 
dbus-1.2.12-2.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.